Young cyber criminals are motivated to enter the gloomy world of cyber crime by peer respect and accomplishment, according to the National Crime Agency (NCA).
The aim of the NCA’s research was to identify how and why some young people become involved in cyber crime.
The report, which is based on debriefs with offenders and those on the fringes of criminality, explored why young people assessed as unlikely to commit more traditional crimes get involved in cyber crime.
Richard Jones, Head of the National Cyber Crime Unit’s Prevent team, said “Even the most basic forms of cyber crime can have huge impacts and the NCA and police will arrest and prosecute offenders, which can be devastating to their future. That means there is great value in reaching young people before they ever become involved in cyber crime, when their skills can still be a force for good.”
>See also: The cyber threat to UK businesses – NCSC and NCA report
“The aim of this assessment has been to understand the pathways offenders take, and identify the most effective intervention points to divert them towards a more positive path.”
“That can be as simple as highlighting opportunities in coding and programming, or jobs in the gaming and cyber industries, which still give them the sense of accomplishment and respect they are seeking.”
The report emphasised that financial gain is not necessarily a priority for young offenders. Instead, the sense of accomplishment at completing a challenge, and proving oneself to peers in order to increase online reputations are the main motivations for those involved in cyber criminality.
During his debrief, Subject 7, who was jailed for Computer Misuse Act and fraud offences, told officers, “…it made me popular, I enjoyed the feeling… I looked up to those users with the best reputations”.
Commenting on the report, Dr Jamie Graves, CEO of ZoneFox said that “The findings released today detailing how young people are increasingly becoming involved in cyber crime are worrying. Big incidents such as the TalkTalk hack in 2015, where a person who was not even old enough to vote – bought a huge company to its knees, is the best example.”
“But it shouldn’t be this way. We live in a country where technology encompasses every inch of our daily lives – especially the younger generations. The report details that criminal hackings are considered ‘cool’ and done to impress peers. Now is the time for the UK to really focus on tackling this by putting an emphasis on trying to flip young people’s attitudes on cyber-security from ‘bad’ to ‘good’.”
>See also: A rule of 3: Three mobile network hacked by 3 men
The report identified that some offenders begin by participating in gaming cheat websites and ‘modding’ (game modification) forums before progressing to criminal hacking forums.
The assessment notes that off-the-shelf tools such as DDOS-for-hire services and Remote Access Trojans (RATs) are available with step by step tutorials at little to no cost to the user, making the skills barrier for entry into cyber crime lower than it has ever been.
It also highlighted that whilst there is no socio-demographic bias, with people across the country from different backgrounds among offenders, the average age of cyber criminals is significantly younger than other crime types.
In 2015, the average age of suspects in NCA cyber crime investigations was 17 years old, compared to 37 in NCA drugs cases and 39 in NCA economic crime cases.
Subject 1, a member of a hacking collective who sold DDoS tools and Botnet services, told officers that a warning from law enforcement would have made him stop his activities.
>See also: The skills shortage will leave UK companies vulnerable – cyber security chiefs
The report further identified education and opportunities to use skills positively as helpful in steering potential offenders towards a future career in cyber security.
Graves agrees and said that “At a time when cyber-crime continues to cripple companies and over two-thirds of businesses can’t find enough talent to defend their company against cyber-threats, we should be asking how we can get these talented young hackers to fight crime, not contribute to it. Yes, targeting and removing the free tools that exist online that allow hacking to take place, must be a focus, but more innovative approaches are needed.”
“Instead of spending resources looking to suppress these highly intelligent young individuals and put them behind bars, we should be identifying them and nurturing and encouraging them to contribute positively in roles that can utilise their skills, both in the private and public sectors. This will not only empower them for good, but also boost the economy and safeguard the nation.”